Security News > 2022 > May > Google: Predator spyware infected Android devices using zero-days

In these attacks, part of three campaigns that started between August and October 2021, the attackers used zero-day exploits targeting Chrome and the Android OS to install Predator spyware implants on fully up-to-date Android devices.

The government-backed malicious actors who purchased and used these exploits to infect Android targets with spyware are from Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia, according to Google's analysis.

"All three campaigns delivered one-time links mimicking URL shortener services to the targeted Android users via email. The campaigns were limited - in each case, we assess the number of targets was in the tens of users," the Google TAG analysts added.

Spyware implant dropped using Android banking trojan.

In these campaigns, the attackers first installed the Android Alien banking trojan with RAT functionality used to load the Predator Android implant, allowing recording audio, adding CA certificates, and hiding apps.

As Google TAG researchers revealed, Russian-backed government hackers linked to the Russian Foreign Intelligence Service exploited the Safari zero-day to target iOS devices belonging to government officials from western European countries.

News URL

https://www.bleepingcomputer.com/news/security/google-predator-spyware-infected-android-devices-using-zero-days/